oss-sec mailing list archives
Re: CVE Request: php5 pdo array overread/crash
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 02 Aug 2012 13:47:54 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/02/2012 05:37 AM, Marcus Meissner wrote:
Hi, I think this issue does not have a CVE id yet as far as I can see: Prepared statements in PHP5 pdo can be used to cause an array overread and crash of the php5 interpreter instance. References: Report on Bugtraq: http://seclists.org/bugtraq/2012/Jun/60 Upstream PHP bug (including testcase) available at: https://bugs.php.net/bug.php?id=61755 https://bugzilla.novell.com/show_bug.cgi?id=769785 Ciao, Marcus
Please use CVE-2012-3450 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJQGtlqAAoJEBYNRVNeJnmTmfMQAKuAeGWG9FsAFqQXzno7Lfze aGksvLs799vJOCj2a97lgoOK2rl3Q0YrqsAGdREZOPs9Xr3lTUrMPSMuivHj0ghb 9j269jLy3IKD6LcjZWi1GFbBx7IHVaEZ6W0pHaGUByXRe8eUZM6Ydu6k+J4gMVk1 kt/l55MIvryyY0nJXA3TeyZW3M6mCT76t/E7llczHnDlaztuuBVYEDBPclGepTId EY+697OJQedMCXIjXoenKyn4D1bhDSGxNuW+7/Cju6phfpbIeYcdP7LWqTfdc7m/ KbN+Ry9jwcpv73usnFvVocRRdp7XtbHEtS4bJ0NlG8RqkWqbjdQIjYYK3EwiayAa N519HfNJEnpW+avHrfGWE8Xw864I3W3SwjE0Z/3hKeGJffEwHW1x6apAeCfwKJ5O 5ak9yufZsrgUP/E4mO3lZXOMfkMnWO063icC+fKSV77MhFF44dkLwp5hlo2OesMz EzTPA0XWMZ+k1veg+ISFNm6DAdQX8NlKrfZvbxrlfLiOe5nZmimCCyXeDGHCsqQw KfpTB2nDseWntojIZf0vmZ+e4AKGoQ6ZeFOwbTdtyAG94cF5QMc2v4wZzVbBh+1U 5FDF2MKSeKMnYYJsrUxze/wOwD3upSxzyO6Wiy/4Kt1hHA9MdQw0G61tkA8n/YbN xeQbLeuxtW2V0Ok/AkWh =F43T -----END PGP SIGNATURE-----
Current thread:
- CVE Request: php5 pdo array overread/crash Marcus Meissner (Aug 02)
- Re: CVE Request: php5 pdo array overread/crash Kurt Seifried (Aug 02)